By Susan Richardson, Manager/Content Strategy, Code42
Read through the recent Wall Street Journal ransomware article and you’ll find some great stats on the growing threat and cost. One thing you won’t find: the word “backup.” We’re happy to see ransomware finally getting the attention it deserves, but why discuss the problem and leave out the obvious, simple antidote? It’s like an article on a bike theft epidemic that fails to mention that none of the bikes were locked up.
Focusing on payment: a dangerous way to frame the issue
The WSJ article backs up stats on the increasing threat with stories of both people and businesses victimized by ransomware. But these case studies use quotes like “he had no choice” and “this is a worthwhile bet” to frame paying the ransom as the unfortunate, inevitable, and ultimately, most responsible option, which couldn’t be further from the truth. When payment results in the return of stolen data, the WSJ concludes the “investment paid off”—confirming that extortion promises dividends.
Paying the ransom is the fool’s bet
The problem with paying the anonymous extortionist? Look at the major ransomware attack on Hollywood Presbyterian Medical Center in Los Angeles earlier this year. The hospital paid the ransomers’ initial demand of $9,000, but they didn’t get their data back. Instead, the perp demanded an additional $8,000 the very next day.
Why would you bet on criminals staying true to their word? It’s foolish to expect honor and decency among thieves.
Stockpiling bitcoin = playing into the ransomer hand
The closest the article comes to the idea of “being prepared” is highlighting the alarming trend of businesses stockpiling bitcoin so they can quickly pay when ransomware inevitably strikes. A recent U.K. survey found that one in three companies have bitcoin reserves in case of ransomware. But more telling, half of these companies don’t even have daily data backup.
Again, it’s like hanging a sign on your bike that says, “REWARD for bike’s return,” instead of just getting a bike lock.
Endpoint backup is the only bet worth taking
Ransomware can make for a sensational narrative, but the real story is actually much simpler. Unlike most other infosecurity threats, ransomware has an easy antidote: endpoint backup. With the automatic, continuous and near-real-time backup of all endpoint data, your headline is “We Laugh at Ransomware.” You start clean, stream all your data back, minimize the downtime, and get back to work with no bitcoin drama.
So, in case the WSJ is listening, here’s how the story should have gone: Ransomware is increasing. The costs can be huge. The only investment that pays off—the only bet worth taking—is modern endpoint backup. Back up your data. Never pay the ransom. The end.